Statistical Sampling.

a) What is the risk of incorrect acceptance for Robert and for Donna and which auditor will
have to collect the most evidence (explain your reasoning)?

The risk of incorrect acceptance = AR/IR *CR * APR

AR = 0.02; IR = 1.0; CR = 0.4 for Robert; CR = 0.2 for Donna .

RIA:
For Robert: 0.02/1.0 * 0.4*1 = 0.05
For Donna: 0.02/1.0 * 0.2*1 = 0.10

Auditor for Robert will have to collect more evidence since it has the lower RIA as
compared to Donna. The lower the rate of incorrect acceptance the more the evidence is
required.

b) Using Donna’s assessment, complete the following schedule (if necessary, round sample
size per table up for sample size to use)

Attribute 1 Attribute 2

Risk of assessing control risk too 5% 5%

low
Tolerable deviation rate 7% 6%

Expected population deviation rate 2% 1%

Sample size per table 88 78

 Sample size used 90 80

Number of deviations identified 2 2

Sample deviation rate (SDR) 2.22% 2.50%

Achieved upper deviation rate 6.90% 7.70%

c) Evaluate the sample results for the 2 attributes. What statistical conclusion do you make
for each attribute?

While evaluating the sample results of the 2 attributes from the above table it was found
that there is a 85% to 90% chance that the expected population rate for attribute 1 would
be less then equal to 6.90% which is achieved deviation rate. And the same is in the case
of attribute 2 where it is very unlikely for the expected population rate to be more than
the achieved deviation rate which is 7.70%.

d) What is the audit decision you would make based on the quantitative sample results for
each attribute? Include in your answer what recommendations might be made regarding
the use of Risk Management Techniques.

For attribute 1, the achieved deviation rate is 6.90% which is lesser than the tolerable
deviation rate 7% (given) shows that there is an effective control over the agreement of
the voucher amounts and the invoices.

Recommendation: Since, the sample indicates that the control can be relied upon to
decrease the risk to an acceptable low level. The effectiveness of the level of control over
the validity of the voucher with relation to the invoice is acceptable.
 For attribute 2, the achieved deviation rate is 7.70% which is greater than the tolerable
deviation rate 6% (given) shows that the voucher is void or forfeited when the payment
control isn’t accepted.

Recommendation: Since, the sample shows that the voucher is cancelled or void after the
payment control isn't accepted effectively. It indicates that's the control isn't effective or
can be relied upon in order to reduce the risk to an acceptable level.

e) Compare the SDR results you calculated for Donna to that using Robert’s assessments.
Briefly discuss the difference in SDR results in terms of the costs and benefits of audit
work.
It can be seen clearly in the above table that the SDR results for Donna are higher than
Robert. When Robert has an SDR of 2.22%, Donna has a SDR for 2.50%. There is a
almost 0.28% difference between the two. In terms of the costs and benefits choosing the
first attribute that of Robert will be more beneficial since the auditor would not have to
gather a lot more evidence in order to prove the theory. Since, the achieved deviation rate
6.90% is less than the tolerable deviation rate 7%. Therefore, the sample and the level of
control effectiveness can be relied upon to reduce the risk to an acceptable low level. This
is not the case for an attribute 2 because it will require the auditor to gather more
evidence since it has the achieved deviation rate of 7.70% which is higher than the
tolerable rate of deviation that is 6%.

f) List the two types of computer-assisted audit techniques (CAATs) and three
prerequisites to be met before the internal auditor can consider using (CAATs).

Two types of computer-assisted audit techniques (CAATs) are as follows:

The utility software: It’s a database management software that generates reports and
summaries along with other things that provides evidence to the auditor about the system
control effectiveness.
 Expert systems along with generalized audit software: Performs summarized analysis
from various database files. Along with the problem-solving software to perform on the
given data if needed.

Three prerequisites to be met before the internal auditor can consider using (CAATs) are
as follows:

 the IT knowledge along with the expertise and experience of the audit team.
 the availability of CAATs and other suitable computer facilities.
 the impracticability of manual tests.
 effectiveness and efficiency

Reference:

(n.d) https://learn-us-east-1-prod-fleet02-
xythos.content.blackboardcdn.com/5c082fb7a0cdb/16588801?X-Blackboard-
Expiration=1632960000000&X-Blackboard-Signature=Liq%2BRV0fA
%2FCJMtQChFNWqBYtlLe9musYhhjfdp3UOTk%3D&X-Blackboard-Client-
Id=100885&response-cache-control=private%2C%20max-age%3D21600&response-
content-disposition=inline%3B%20filename%2A%3DUTF-8%27%27Statistical
%2520Sampling%2520minicase.Robert%2520and%2520Donna.re.ch11.pdf&response-
content-type=application%2Fpdf&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-
Date=20210929T180000Z&X-Amz-SignedHeaders=host&X-Amz-Expires=21600&X-
Amz-Credential=AKIAZH6WM4PL5SJBSTP6%2F20210929%2Fus-east-
1%2Fs3%2Faws4_request&X-Amz-
Signature=f90b6d034656719698f1522ac1800136662783cb1b62df2e596c3269ab150fd2

Computer assisted audit technique. Default. (n.d.). Retrieved September 30, 2021, from
https://kfknowledgebank.kaplan.co.uk/audit-and-assurance/audit-evidence/computer-
assisted-audit-technique.
(n.d) https://www.icjce.es/images/pdfs/TECNICA/C01%20-%20IFAC/C.01.025%20-%20IAASB
%20-%20IAPSs%201000-1999/(retirada)%20IAPS_1009_ComputerAssisted.pdf

Anderson, U. L. (2017). Internal auditing: Assurance & advisory services. International Audit
Foundation.